Normally, I'd say call stmt.setEscapeProcessing(false) before executing the query, but since you are using QueryRunner I'm guessing you don't have access to the statement object. Another option is to set the ? and its surrounding parameters as a ? such as: In this way, the first question mark is replaced by the first item in the parameters array, which is untouched.

Not really, he specifically uses update() instead of select, but either way, how is this solution any different? Should still work since after the parameters are inserted, the processing is complete. Keep in mind this code will be sent to the database as: Select publisher from books where title='What is the name of this book?'

The problem with sending the second the statement directly is that JDBC PreparedStatement muddles things up and if you can't turn processing off on the statement, this is the next best thing. [ July 08, 2008: Message edited by: Scott Selikoff ]

The fact that you are using prepare statement, you shouldn't be hardcoding the dynamic content in it instead should be making use of parameters. That is what they were designed for.

However if you still want to hardcode the values in the preparedStatement itself, you can enclose the Strings in the single quotes ('), and it should work fine. Check out this example.

which prints

[ July 08, 2008: Message edited by: Santhosh Kumar ]

Abhijith Prabhakar
Ranch Hand

Joined: Dec 29, 2006
Posts: 56

posted Jul 09, 2008 01:47:00

0

Dear all,

Thanks for the reply.

My problem is bit different. I have to update a row in database not select it. It is something like this String strQuery = "UPDATE tablename set columnname = 'there is ? in middle'"; QueryRunner queryRunner = new QueryRunner(this.getDataSource()); queryRunner.update(strQuery);

This is working perfectly fine for all other strings. It is throwing exception only when there is a question mark present in String like given above.